<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>ERB::Util</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <link rel="stylesheet" href="../../css/reset.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../css/main.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../css/github.css" type="text/css" media="screen" />
<script src="../../js/jquery-1.3.2.min.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/jquery-effect.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/main.js" type="text/javascript" charset="utf-8"></script>
<script src="../../js/highlight.pack.js" type="text/javascript" charset="utf-8"></script>

</head>

<body>     
    <div class="banner">
        
            <span>Ruby on Rails v4.0.0</span><br />
        
        <h1>
            <span class="type">Module</span> 
            ERB::Util 
            
        </h1>
        <ul class="files">
            
            <li><a href="../../files/activesupport/lib/active_support/core_ext/string/output_safety_rb.html">activesupport/lib/active_support/core_ext/string/output_safety.rb</a></li>
            
        </ul>
    </div>
    <div id="bodyContent">
        <div id="content">
  


  


  
  


  


  
    <!-- Method ref -->
    <div class="sectiontitle">Methods</div>
    <dl class="methods">
      
        <dt>H</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="Util.html#method-c-h">h</a>,
              </li>
            
              
              <li>
                <a href="Util.html#method-c-html_escape">html_escape</a>,
              </li>
            
              
              <li>
                <a href="Util.html#method-c-html_escape_once">html_escape_once</a>
              </li>
            
          </ul>
        </dd>
      
        <dt>J</dt>
        <dd>
          <ul>
            
              
              <li>
                <a href="Util.html#method-c-json_escape">json_escape</a>
              </li>
            
          </ul>
        </dd>
      
    </dl>
  

  



  

    

    

    
      <!-- Section constants -->
      <div class="sectiontitle">Constants</div>
      <table border='0' cellpadding='5'>
        
          <tr valign='top'>
            <td class="attr-name">HTML_ESCAPE</td>
            <td>=</td>
            <td class="attr-value">{ '&amp;' =&gt; '&amp;amp;',  '&gt;' =&gt; '&amp;gt;',   '&lt;' =&gt; '&amp;lt;', '&quot;' =&gt; '&amp;quot;', &quot;'&quot; =&gt; '&amp;#39;' }</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
          <tr valign='top'>
            <td class="attr-name">JSON_ESCAPE</td>
            <td>=</td>
            <td class="attr-value">{ '&amp;' =&gt; '\u0026', '&gt;' =&gt; '\u003E', '&lt;' =&gt; '\u003C' }</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
          <tr valign='top'>
            <td class="attr-name">HTML_ESCAPE_ONCE_REGEXP</td>
            <td>=</td>
            <td class="attr-value">/[&quot;&gt;&lt;']|&amp;(?!([a-zA-Z]+|(#\d+));)/</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
          <tr valign='top'>
            <td class="attr-name">JSON_ESCAPE_REGEXP</td>
            <td>=</td>
            <td class="attr-value">/[&amp;&quot;&gt;&lt;]/</td>
          </tr>
          
            <tr valign='top'>
              <td>&nbsp;</td>
              <td colspan="2" class="attr-desc"></td>
            </tr>
          
        
      </table>
    


    


    <!-- Methods -->
    
      <div class="sectiontitle">Class Public methods</div>
      
        <div class="method">
          <div class="title method-title" id="method-c-h">
            
              <b>h</b>(s)
            
            <a href="Util.html#method-c-h" name="method-c-h" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              
            </div>
          
          
          
          
          
          </div>
        
        <div class="method">
          <div class="title method-title" id="method-c-html_escape">
            
              <b>html_escape</b>(s)
            
            <a href="Util.html#method-c-html_escape" name="method-c-html_escape" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              <p>A utility method for escaping <a href="../HTML.html">HTML</a> tag
characters. This method is also aliased as <code>h</code>.</p>

<p>In your <a href="../ERB.html">ERB</a> templates, use this method to escape
any unsafe content. For example:</p>

<pre>&lt;%=h @person.name %&gt;

puts html_escape('is a &gt; 0 &amp; a &lt; 10?')
# =&gt; is a &amp;gt; 0 &amp;amp; a &amp;lt; 10?</pre>
            </div>
          
          
          
            <div class="aka">
              Also aliased as: <a href="Util.html#method-i-h">h</a>
            </div>
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-c-html_escape_source')" id="l_method-c-html_escape_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/cc986db54665c4155f1b8da5d3f2ebf4a55ef23f/activesupport/lib/active_support/core_ext/string/output_safety.rb#L19" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-c-html_escape_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 19</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">html_escape</span>(<span class="ruby-identifier">s</span>)
  <span class="ruby-identifier">s</span> = <span class="ruby-identifier">s</span>.<span class="ruby-identifier">to_s</span>
  <span class="ruby-keyword">if</span> <span class="ruby-identifier">s</span>.<span class="ruby-identifier">html_safe?</span>
    <span class="ruby-identifier">s</span>
  <span class="ruby-keyword">else</span>
    <span class="ruby-identifier">s</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-regexp">/[&amp;&quot;'&gt;&lt;]/</span>, <span class="ruby-constant">HTML_ESCAPE</span>).<span class="ruby-identifier">html_safe</span>
  <span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
        
        <div class="method">
          <div class="title method-title" id="method-c-html_escape_once">
            
              <b>html_escape_once</b>(s)
            
            <a href="Util.html#method-c-html_escape_once" name="method-c-html_escape_once" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              <p>A utility method for escaping <a href="../HTML.html">HTML</a> without
affecting existing escaped entities.</p>

<pre class="ruby"><span class="ruby-identifier">html_escape_once</span>(<span class="ruby-string">'1 &lt; 2 &amp;amp; 3'</span>)
<span class="ruby-comment"># =&gt; &quot;1 &amp;lt; 2 &amp;amp; 3&quot;</span>

<span class="ruby-identifier">html_escape_once</span>(<span class="ruby-string">'&amp;lt;&amp;lt; Accept &amp; Checkout'</span>)
<span class="ruby-comment"># =&gt; &quot;&amp;lt;&amp;lt; Accept &amp;amp; Checkout&quot;</span>
</pre>
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-c-html_escape_once_source')" id="l_method-c-html_escape_once_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/cc986db54665c4155f1b8da5d3f2ebf4a55ef23f/activesupport/lib/active_support/core_ext/string/output_safety.rb#L44" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-c-html_escape_once_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 44</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">html_escape_once</span>(<span class="ruby-identifier">s</span>)
  <span class="ruby-identifier">result</span> = <span class="ruby-identifier">s</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-constant">HTML_ESCAPE_ONCE_REGEXP</span>, <span class="ruby-constant">HTML_ESCAPE</span>)
  <span class="ruby-identifier">s</span>.<span class="ruby-identifier">html_safe?</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">result</span>.<span class="ruby-identifier">html_safe</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">result</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
        
        <div class="method">
          <div class="title method-title" id="method-c-json_escape">
            
              <b>json_escape</b>(s)
            
            <a href="Util.html#method-c-json_escape" name="method-c-json_escape" class="permalink">Link</a>
          </div>
          
          
            <div class="description">
              <p>A utility method for escaping <a href="../HTML.html">HTML</a> entities in
JSON strings using uXXXX JavaScript escape sequences for string literals:</p>

<pre class="ruby"><span class="ruby-identifier">json_escape</span>(<span class="ruby-string">'is a &gt; 0 &amp; a &lt; 10?'</span>)
<span class="ruby-comment"># =&gt; is a \u003E 0 \u0026 a \u003C 10?</span>
</pre>

<p>Note that after this operation is performed the output is not valid JSON.
In particular double quotes are removed:</p>

<pre class="ruby"><span class="ruby-identifier">json_escape</span>(<span class="ruby-string">'{&quot;name&quot;:&quot;john&quot;,&quot;created_at&quot;:&quot;2010-04-28T01:39:31Z&quot;,&quot;id&quot;:1}'</span>)
<span class="ruby-comment"># =&gt; {name:john,created_at:2010-04-28T01:39:31Z,id:1}</span>
</pre>
            </div>
          
          
          
          
          
            
            <div class="sourcecode">
              
              <p class="source-link">
                Source: 
                <a href="javascript:toggleSource('method-c-json_escape_source')" id="l_method-c-json_escape_source">show</a>
                
                  | <a href="https://github.com/rails/rails/blob/cc986db54665c4155f1b8da5d3f2ebf4a55ef23f/activesupport/lib/active_support/core_ext/string/output_safety.rb#L62" target="_blank" class="github_url">on GitHub</a>
                
              </p>
              <div id="method-c-json_escape_source" class="dyn-source">
                <pre><span class="ruby-comment"># File activesupport/lib/active_support/core_ext/string/output_safety.rb, line 62</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword ruby-title">json_escape</span>(<span class="ruby-identifier">s</span>)
  <span class="ruby-identifier">result</span> = <span class="ruby-identifier">s</span>.<span class="ruby-identifier">to_s</span>.<span class="ruby-identifier">gsub</span>(<span class="ruby-constant">JSON_ESCAPE_REGEXP</span>, <span class="ruby-constant">JSON_ESCAPE</span>)
  <span class="ruby-identifier">s</span>.<span class="ruby-identifier">html_safe?</span> <span class="ruby-operator">?</span> <span class="ruby-identifier">result</span>.<span class="ruby-identifier">html_safe</span> <span class="ruby-operator">:</span> <span class="ruby-identifier">result</span>
<span class="ruby-keyword">end</span></pre>
              </div>
            </div>
            
          </div>
                        </div>

    </div>
  </body>
</html>    